package apiauth
import (
"crypto/tls"
"net"
"net/http"
"net/url"
"go.aporeto.io/trireme-lib/collector"
"go.aporeto.io/trireme-lib/controller/pkg/pucontext"
"go.aporeto.io/trireme-lib/policy"
)
// Request captures all the important items of a request that are needed
// for processing the authorization decision. The type only carries data;
// nothing in it validates or normalizes the values.
// NOTE(review): the HTTP-derived fields presumably mirror what the client
// sent and should be treated as untrusted input by the authorizer — confirm
// against the code that populates this struct.
type Request struct {
	// SourceAddress, only required for network authorization requests.
	SourceAddress *net.TCPAddr
	// OriginalDestination required for all requests.
	OriginalDestination *net.TCPAddr
	// HTTP request information: method, parsed URL, raw request URI,
	// headers and a single cookie.
	// NOTE(review): URL and RequestURI are carried separately; if policy is
	// matched on one and the request is forwarded using the other, confirm the
	// two cannot disagree.
	Method string
	URL *url.URL
	RequestURI string
	Header http.Header
	Cookie *http.Cookie
	// TLS information. This is optional if mutual TLS based authorization
	// must be supported.
	// NOTE(review): the sentence above presumably means the field may be nil
	// unless mutual-TLS based authorization is in use — confirm, and confirm
	// that consumers nil-check it before reading peer certificates.
	TLS *tls.ConnectionState
}
// NetworkAuthResponse is the decision of the authorization process for a
// network request. It is a plain data carrier: the policy identifiers, the
// resolved source, the action to take and the material a responder needs
// (redirect, cookie, headers, body data).
type NetworkAuthResponse struct {
	// Discovered service context and associated information.
	PUContext *pucontext.PUContext
	ServiceID string
	Namespace string
	// Network policy ID and service that affect the call.
	NetworkPolicyID string
	NetworkServiceID string
	// Definition of the source.
	SourceType collector.EndPointType
	SourcePUID string
	// Action associated with the response and DropReason if dropped.
	Action policy.ActionType
	DropReason string
	// Redirect information that should be used by the responder.
	// NOTE(review): how RedirectURI is derived is not visible in this file;
	// confirm it cannot be steered by request-supplied values before it is
	// sent back to a client.
	Redirect bool
	RedirectURI string
	Cookie *http.Cookie
	Data string
	Header http.Header
	// UserAttributes discovered from the tokens.
	// NOTE(review): presumably only populated after the token has been
	// verified — confirm in the code that fills this field.
	UserAttributes []string
	// TLSListener determines that TLS must be re-initiated towards
	// the listener.
	TLSListener bool
}
// AppAuthResponse is the decision of the authorization process for an
// application request. It is a plain data carrier with no methods in this
// file.
type AppAuthResponse struct {
	// Discovered context and service information.
	PUContext *pucontext.PUContext
	ServiceID string
	External bool
	// Network policy ID and service ID that affect the response.
	NetworkPolicyID string
	NetworkServiceID string
	// Action of the response and DropReason if the call must be dropped.
	Action policy.ActionType
	DropReason string
	// Resolved token.
	// NOTE(review): presumably a credential that is attached to the outgoing
	// call; if so, avoid logging this struct wholesale (e.g. with %+v) —
	// confirm how the value is used.
	Token string
	// HookMethod is the corresponding HTTP rule hook method.
	HookMethod string
	// TLSListener indicates that the external entity is a TLS listener,
	// and we must start a TLS session. Only applies to External connections.
	TLSListener bool
}
// AuthError is an error value that carries, next to its text, a numeric
// status and an underlying cause for the failure that was discovered.
type AuthError struct {
	// status is the numeric code reported by Status.
	status int
	// message is the text returned by both Error and Message.
	message string
	// err is the underlying error. No method shown here reads it, so it is
	// invisible to errors.Is / errors.As unless an Unwrap exists elsewhere.
	err error
}

// Compile-time check that *AuthError satisfies the error interface.
var _ error = (*AuthError)(nil)

// Error implements the error interface and yields the stored message.
// The receiver must be non-nil.
func (e *AuthError) Error() string {
	return e.message
}

// Message returns the message of the error; it is the same text that
// Error produces.
func (e *AuthError) Message() string {
	return e.message
}

// Status returns the status code attached to the error.
func (e *AuthError) Status() int {
	return e.status
}